Legal
Privacy Policy
Flit — heyflit.com & haiku.heyflit.com
Operated by Summit Paycom Private Limited, Bengaluru, India
Effective date: January 10, 2026
Last updated: March 15, 2026
On this page▾
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Legal Basis for Processing (DPDP Act, 2023)
- 5. How We Share Your Information
- 6. Data Security
- 7. Cookies and Similar Technologies
- 8. Your Rights
- 9. Data Retention
- 10. Children's Privacy
- 11. Grievance Officer
- 12. International Data Transfers
- 13. Changes to This Policy
- 14. Contact Us
1. Introduction
This Privacy Policy explains how Flit collects, uses, shares, stores, and protects information when you use heyflit.com, haiku.heyflit.com, our mobile and web applications, and any related services (together, the "Platform").
The Platform connects two kinds of users:
- Brands and agencies — businesses and their team members who use Flit to discover, contract, and pay creators, and to manage campaigns through Haiku.
- Creators — influencers and content creators who receive briefs, sign agreements, and get paid through Flit.
This Policy applies to anyone who visits our websites, creates an account, connects a social media account, or otherwise uses the Platform. By using the Platform, you agree to the practices described here. If you do not agree, please do not use the Platform.
This Policy is drafted to comply with India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), and to meet the data-use and disclosure requirements imposed by the platforms we integrate with, including Meta Platforms, Inc. (Facebook/Instagram), Google LLC (YouTube), LinkedIn Corporation, and X Corp. (Twitter/X) (each a "Connected Platform").
2. Information We Collect
2.1 Information you give us directly
| Category | Examples |
|---|---|
| Account & identity | Name, email, phone number, role (brand/agency/creator), company name and GSTIN (for brands) |
| Financial & tax information | Bank account details, UPI ID, PAN, GSTIN, and other information required to process payouts, deduct TDS, and generate GST-compliant invoices |
| Contract & deal information | Campaign briefs, deliverables, rates, contract terms, e-signatures, and communication tied to a specific deal |
| Support communications | Messages you send to our support team |
We collect financial and KYC information directly because Flit, not a third-party payment aggregator, performs payout processing, TDS deduction, and GST compliance for transactions on the Platform. This information is held under the security and access controls described in Section 6.
2.2 Information from connecting your social media accounts
Flit integrates with Instagram and Facebook (Meta Platforms, Inc.), YouTube (Google LLC), LinkedIn (LinkedIn Corporation), and Twitter/X (X Corp.). If you choose to connect any of these accounts to Flit, we request your permission to access:
- Basic profile information — your name, profile picture, and the handle/channel you connect, used to verify that you are the genuine owner of the account being engaged for a campaign.
- Content and insights data — metrics on posts, videos, or content you publish in connection with a brand deal (such as reach, impressions, likes, comments, and views), used to (a) generate performance reports for the brand you're working with, and (b) confirm that a contracted deliverable (e.g., a sponsored post or video going live) has actually been published, which can trigger the corresponding payment milestone.
We only request the specific permissions needed for these purposes, and only at the scope each platform's developer policies and review process approve for our app. We do not access your private messages, contacts, or content unrelated to a campaign on Flit.
You are in control of these connections. You can disconnect any linked account from Flit at any time from Account Settings → Connected Accounts, or directly through that platform's own account settings (e.g., Facebook/Instagram "Apps and Websites," Google account permissions, LinkedIn data settings, or X connected apps). Disconnecting stops any further data collection from that platform. You may also request deletion of previously collected data under Section 8.
2.3 Information collected automatically
When you visit our websites or use the Platform, we automatically collect technical information such as IP address, browser type, device identifiers, operating system, and usage data (pages visited, features used, timestamps), typically through cookies or similar technologies. See Section 7 for details on cookies.
2.4 Information from other sources
We may receive information from:
- Payment and banking partners, to confirm whether a payout succeeded or failed.
- Identity verification providers, where used to validate KYC documents.
- The brand or agency you work with on a deal, such as a brief or contract they create involving you.
3. How We Use Your Information
We use the information described above to:
- Create and manage your account and authenticate your identity.
- Facilitate contracts, briefs, and agreements between brands and creators.
- Process payments, including UPI/bank transfers, TDS deduction, and GST invoice generation.
- Verify that a creator genuinely owns the social media account or channel associated with a deal.
- Generate campaign performance reports for brands, using post/content metrics tied to a specific deal.
- Detect whether a contracted deliverable has been completed, to release the associated payment.
- Provide customer support and respond to inquiries.
- Maintain the security, integrity, and proper functioning of the Platform.
- Comply with applicable law, including tax, accounting, and financial recordkeeping obligations.
- Improve the Platform based on aggregated, de-identified usage patterns.
We do not use data obtained from any Connected Platform for advertising, to build user profiles outside the context of a creator's Flit campaigns, or for any purpose unrelated to facilitating brand–creator collaborations on Flit.
4. Legal Basis for Processing (DPDP Act, 2023)
Under the DPDP Act, we process your personal data on the following grounds:
- Consent — for optional features, such as connecting a social media account, or receiving marketing communications.
- Performance of a contract — to process payments, generate invoices, and fulfill obligations under brand–creator agreements facilitated through the Platform.
- Legal obligation — to comply with tax law (TDS, GST), accounting standards, and other statutory requirements applicable in India.
Where we rely on your consent, you may withdraw it at any time, as described in Section 8. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal, and may limit your ability to use certain features (for example, you cannot receive performance reports from a platform you've disconnected).
5. How We Share Your Information
We do not sell your personal data. We share information only as follows:
| Recipient | Purpose | What's shared |
|---|---|---|
| Brands/creators you contract with | To fulfill a deal you've entered into on the Platform | Contact details, deliverables, performance metrics relevant to that specific deal |
| Payment processing partners and banks | To execute payouts | Bank/UPI details, transaction amounts |
| Tax and compliance service providers | TDS filing, GST invoicing, statutory compliance | Financial and identity information required for filings |
| Cloud hosting and infrastructure providers | To run and secure the Platform | Data necessary to host and operate the service |
| Connected Platforms (Meta, Google/YouTube, LinkedIn, X) | Only as a function of you connecting your account — we send API requests to retrieve the data described in Section 2.2 | Authentication tokens and the specific data scopes you authorized |
| Government or regulatory authorities | Where legally required (e.g., tax authorities, law enforcement with valid legal process) | As required by the specific request |
| Successors, in a merger or acquisition | Business continuity | Data would transfer subject to the same protections in this Policy |
We require all third-party service providers who process data on our behalf to maintain confidentiality and use the data only for the purpose we've engaged them for.
6. Data Security
We use industry-standard safeguards to protect your information, including:
- Encryption of data in transit (TLS/SSL) and at rest for sensitive fields such as bank details and PAN.
- Role-based access controls, so only personnel who need financial or KYC data to do their jobs (e.g., compliance, finance) can access it.
- Regular review of access logs for sensitive data categories.
No system is completely secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required under the DPDP Act.
7. Cookies and Similar Technologies
Our websites and Platform use cookies and similar technologies to:
- Keep you logged in and remember your preferences.
- Understand how the Platform is used, to improve it.
- Where applicable, measure the effectiveness of our own marketing.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Platform, such as staying logged in.
8. Your Rights
Under the DPDP Act, and consistent with the access our Connected Platforms require us to provide, you have the right to:
- Access the personal data we hold about you.
- Correct or update inaccurate or incomplete data.
- Withdraw consent for any processing based on consent (e.g., disconnect a linked social media account, opt out of marketing emails).
- Request erasure of your personal data, including data obtained via a Connected Platform, subject to our right/obligation to retain certain records (see Section 9).
- Nominate another individual to exercise your rights on your behalf in the event of death or incapacity.
- File a complaint with our Grievance Officer (Section 11), and, if unresolved, with the Data Protection Board of India.
To exercise any of these rights, including requesting deletion of data we've received from a Connected Platform, contact our Grievance Officer or use Account Settings → Privacy. We will respond within the timeframe required by applicable law.
9. Data Retention
We retain personal data only as long as necessary for the purposes described in this Policy:
- Financial, tax, and transaction records (bank details, PAN, GST invoices, TDS records): retained for eight (8) years, in line with statutory recordkeeping requirements under Indian tax and company law.
- Connected Platform content and insights data (Instagram, YouTube, LinkedIn, Twitter/X): retained only for as long as needed to generate the relevant campaign report, and deleted or anonymized once the campaign closes out, unless you've separately consented to longer retention or law requires otherwise.
- Account information: retained while your account is active, and for a reasonable period after closure to handle disputes, legal claims, or regulatory requirements.
Once retention periods lapse, we securely delete or irreversibly anonymize the data.
10. Children's Privacy
The Platform is intended for business use by adults. We do not knowingly collect personal data from individuals under 18. If we learn that we have inadvertently collected such data, we will delete it promptly.
11. Grievance Officer
In accordance with the DPDP Act, 2023, you may contact our Grievance Officer for any questions, concerns, or complaints about this Policy or our data practices:
- Grievance Officer: Mouna Poovaiah
- Email: grievance@flit.in
- Address: Summit Paycom Private Limited, Bengaluru, Karnataka, India
We aim to acknowledge complaints promptly and resolve them within the timeframe prescribed under applicable law.
12. International Data Transfers
Our service providers (such as cloud hosting infrastructure) may process data outside India. Where this occurs, we take reasonable steps to ensure such providers offer a comparable level of protection to that required under the DPDP Act.
13. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, the Platform, or applicable law (including changes required by the policies of any Connected Platform). We will update the "Last updated" date above, and for material changes, we will provide additional notice (such as an in-app notification or email) before the changes take effect.
14. Contact Us
For general questions about this Policy: support@flit.in
For data protection requests and complaints: see Section 11.